I'm using onlyoffice with nextcloud. In nextcloud I simply typed the url of onlyoffice and saved the configuration and after that I started using them togheter.

How can I sure that onlyoffice is secure and nobody can use it in an unwanted way? In fact I don't think it's an exclusive relationship between nextcloud and onlyoffice, is it there a way to limit the usage of onlyoffice only with our nextcloud, or any way to improve security?

Note: starting from Document Server version 5.2, JWT is enabled in local.json config.
You also need to indicate the exact secret value in ONLYOFFICE integration app settings in Nextcloud for connection to work.

Restarting the container reverts the changed parameters of document server config to default values (set via environment variable). Please open the local.json file and check if JWT is enabled. You need to restart only document server services after changing the config.

Sorry for delay,
I had temporarily suspended the project.
I think it's there some confusing between local and default json.
Now it's work also restarting the VM.
Where do I need to place the token into Next Cloud ?
My .htaccess in Next Cloud contains following rows: